Polish Planes Grounded After Airline Hit With DDoS Attack

Roughly 1,400 passengers were temporarily stranded at Warsaw’s Frederic Chopin airport over the weekend after hackers were purportedly able to modify an entire airline’s flight plans via a distributed denial of service (DDoS) attack.

On Sunday someone was able to infiltrate the computer system of the Polish airline LOT and successfully cancel 10 of the carrier’s flights. A dozen other flights were reportedly delayed, according to Reuters.

Many passengers were able to board the flights — destined for Munich, Hamburg, Dusseldorf, and Copenhagen, among other cities — later in the day and regular service was resumed Monday according to LOT spokesman Adrian Kubicki.

The airline insists that at no point was the safety of any ongoing flights at risk, nor were any other airports affected, but stressed that the attack could be a sign of things to come.

“We’re using state-of-the-art computer systems, so this could potentially be a threat to others in the industry,” Kubicki warned, adding that authorities were investigating the attack.

“This is an industry problem on a much wider scale, and for sure we have to give it more attention,” Mikosz said, “I expect it can happen to anyone anytime.”

Kubicki claimed the attack may have been the result of a distributed denial of service attack on Monday and that LOT experienced something he called “a capacity attack” that overloaded the airline’s network.

While technical details around the incident have been scant, several security researchers agree it could be cause for alarm.

“Initially, it seems that flight’s plan couldn’t be generated which may indicate that key nodes in the back office were compromised,” Santamarta said Monday. “On the other hand the inability to perform or validate data loading on aircraft (including flight plans), using the standard procedures, should make us think of another attack vector, possibly against the ground communication devices.”

Last summer at Black Hat Santamarta described how aircraft — including passenger jets – along with ships, oil rigs, and wind turbines could be compromised by exploiting its embedded satellite communications (SATCOM) equipment.

Andrey Nikishin, Director of Future Technology Projects at Kaspersky Lab, believes there could be two stories behind the hack.

The incident could’ve come as a result of human error, or an electrical or hard drive malfunction, Nikishin claims, or perhaps stem from a “more Hollywood style scenario” wherein the attack is a precursor to a bigger, more significant disruption.

“Warsaw airport is fairly small compared to Schiphol (Amsterdam) or Heathrow (London) and, depending on the time of day, there are only around 11 flights taking off every hour. ”

“What if the incident was just a training action or reconnaissance operation before a more massive cyber-attack on a much busier airport like Charles de Gaulle in Paris or JFK in New York?” Nikishin said. “Regardless of the reason and the threat actors, we can see how our life depends on computers and how vulnerable to cyber-threats national critical infrastructure objects have become.”

Earlier this year security researcher Chris Roberts made headlines by getting removed from an American Airlines flight and questioned by the F.B.I. after he claimed he was able to compromise its onboard infrastructure. Roberts told the F.B.I. that he managed to hack into several planes’ in-flight entertainment systems nearly 20 times from 2011 to 2014 although most airlines have refuted these claims.

About Chris Brook

"Distrust and caution are the parents of security" - Benjamin Franklin